Multiple Vulnerabilities in Redis


Two security advisories have been released to address two vulnerabilities in Redis. Redis is a popular in-memory key-value database that persists on disk.

CVE-2024-46981 is a ‘use after free’ vulnerability with a CVSSv3 score of 7.0. If exploited, an authenticated attacker could use a specially crafted Lua script to achieve remote code execution. CVE-2024-51741 is an ‘improper input validation’ vulnerability with a CVSSv3 score of 4.4.

Read more…
Source: NHS Digital


Sign up for our Newsletter


Related:

  • Chrome Browser Bug Under Active Attack

    June 10, 2021

    Google is warning that a bug in its Chrome web browser is actively under attack, and it is urging users to upgrade to the latest 91.0.4472.101 version to mitigate the issue. In all, Google rolled out fixes for 14 bugs impacting its Windows, Mac and Linux browsers as part of its June update to the Chrome ...

  • Gelsemium APT was behind February compromise of NoxPlayer

    June 9, 2021

    ESET has published details of an advanced persistent threat (APT) crew that appears to have deployed recent supply chain attack methods against targets including “electronics manufacturers,” although it didn’t specify which. “Victims of its campaigns are located in East Asia as well as the Middle East and include governments, religious organizations, electronics manufacturers and universities,” said ...

  • Prometheus Ransomware Gang: A Group of REvil?

    June 9, 2021

    Unit 42 has spent the past four months following the activities of Prometheus, a new player in the ransomware world that uses similar malware and tactics to ransomware veteran Thanos. Prometheus leverages double-extortion tactics and hosts a leak site, where it names new victims and posts stolen data available for purchase. It claims to have breached ...

  • Custom Malware Collects Billions of Stolen Data Points

    June 9, 2021

    Researchers have uncovered a 1.2-terabyte database of stolen data, lifted from 3.2 million Windows-based computers over the course of two years by an unknown, custom malware. The heisted info includes 6.6 million files and 26 million credentials, and 2 billion web login cookies – with 400 million of the latter still valid at the time ...

  • US brokerage firms warned of ongoing phishing with penalty threats

    June 8, 2021

    FINRA, the U.S. securities industry regulator, has warned brokerage firms of an ongoing phishing campaign threatening recipients with penalties unless they provide the information requested by the attackers. FINRA (Financial Industry Regulatory Authority) is an independent, non-governmental securities regulator supervised by the U.S. Securities and Exchange Commission (SEC) that regulates all securities firms and exchange markets ...

  • Modern Ransomware’s Double Extortion Tactics And How To Protect Enterprises Against Them

    June 8, 2021

    Ransomware actors have been a persistent threat for years, but they are still evolving. The wide adoption of advanced cybersecurity technologies and improved ransomware response processes has limited the success of traditional ransomware attacks. Upgraded security has forced these cybercriminals to evolve their strategies, and has paved the way for what we now call modern ...